cvedb.io
CVE-2023-22597
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2023-01-12T23:15:10.203 · Last modified 2026-06-17T05:35:42.237

Summary

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An unauthorized user could intercept this communication and steal sensitive information such as configuration information and MQTT credentials; this could allow MQTT command injection.

Affected products

inhandnetworks — inrouter302_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when inhandnetworks ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.